I’m a subscriber to the Overspill blog by long-time UK tech journalist and blogger Charles Arthur (@charlesarthur), where he curates links etc. Recently, he linked to an old report, from 2010, but it’s always worth reminding people of the dangers of photocopiers, fax machines and multi-function printers, especially older ones.

Copiers that are lightly used often have a lifecycle of 10-15 years. If you buy rather than lease, it’s quite possible you still have one that doesn’t include encryption of the internal hard drive. Even with an encrypted drive, there is still potential to hack the device software and retrieve the key, although that is pretty difficult.

The surprising thing is that many modern multi-function printers (MFPs) also have local storage. While in modern models it is not an actual hard drive, it is likely to be some form of onboard flash memory à la cell phone memory, either part of the system board or via an embedded SD card. It’s worth remembering that these machines are fax machines, copiers, printers, and scanners all in one machine.

The US Federal Trade Commission has a web page that covers all the basics, in plain language.

Whatever the device, it is still incumbent on the owner to ensure it is wiped before returning it, selling it, or scrapping it. PASS IT ON!

For those interested in how you can get data from a copier/MFP type device, Marshall University Forensic Science team has a paper, here.

I have a Netgear NAS that is out of support; in fact, since I have an identical NAS that wakes up Tuesdays at 2am and backs up the primary NAS, I have two of them. While they are out of support, Netgear has been good at fixing urgent vulnerabilities. Of course, since I can’t see the source, I don’t know what vulnerabilities they have not fixed.

Kate and I went to see Blade Runner 2049 on the opening day at the local AMC cinema. It’s a bit of a thing of mine to sit through ALL, and I mean all, of the end credits. As we left the theater, there it was, right at the very bottom of the screen, unseen from the seats, the Windows XP Start button. I have no idea what projector they were using, but yes, many projectors did, and obviously still do, run Windows XP.

I don’t propose to become an expert on OpenSSL, much less the greater security field, but I know people who are. My role in the Linux Foundation Core Infrastructure Initiative was to help Dell recognize how we can support a key industry technology, and at least give Dell the ability to have input on what comes next.

Our SonicWall team have many experts. They’ve published a great blog both on their product positioning and use in relation to Heartbleed and vulnerabilities, and Network Security product manager Dmitriy Ayrapetov raises the question, in a world of mostly TCP traffic, are TLS Heartbeats even necessary?

The Dell SecureWorks Counter Threat Unit™ (CTU) have a blog on malware arising out of and exploiting the Heartbleed vulnerability. Another great Dell resource well worth following for those with an interest in security.

As I know from search engine referrals to my blog a lot of readers arrive here for searches on firmware, open source and security, I thought it worth adding a link to point to the official Dell Corporate response to the current concerns on the Der Spiegel report.

8:16 AM Dell (DELL) says that it will snap up network security player SonicWall from P-E firm Thoma Bravo for an undisclosed amount in a deal that is expected to close within 45 days. SonicWall was taken private by Thoma Bravo back in 2010.

10:15 AM Here is a link to the formal corporate announcement with more detail on SonicWall

When I first ordered from Zappos.com and they screwed up with the packaging, cramming a $200+ jacket in a shoe box, so much so I had to have it professionally steamed to get the creases out, I was prepared to forgive them. After another order they put me on their VIP list, free shipping both ways [read: shipping included in the price, since they are anything but cheap]. Zappos is an Amazon.com business.

My 3rd order was for some shoes. I ordered a 12, they shipped an 8. I returned them free; instead of a refund, I got a credit note. I’d have happily accepted the right size, but they didn’t have them. I did do at least one more order, but have backed off recently.

Then late last week I got an email telling me they’d been hacked, some of my data and my password had been compromised, they’d reset my password and I should log on and change it. So I tried. Their system responded “We are so sorry, we are currently not accepting international traffic. If you have any questions please email us at help@zappos.com”.

Here is my summary email sent back to them today. What’s clear is that their customer service, average under normal circumstances, is less than what I’d expect, VIP or not.

“No wonder you got hacked. Let’s recap, please read carefully…

1. You got hacked
2. You write to me telling me to change my password
3. Your system won’t let me change my password because I’m overseas attending my father’s funeral.
4. I ask you to remove my account and ALL my data
5. You write back telling me to change my password
6. I write back telling you that wasn’t what I asked, and to delete my account and remove all my data
7. You write back telling me to deactivate my own account
8. I can’t. See #3
9. I write this email back pointing out how useless you are.”

I spent Friday afternoon in a wet Round Rock parking lot where we held the launch thank you party for the team that put together the 11th Generation of Dell servers and the associated management software. We don’t complain about rain in Austin, it feeds some of the best things about town, namely Barton Springs, Lake Travis, which feeds Town Lake where I run, and the lake at Pure Austin North where I swim, in perfect conditions, twice per week. The celebration was sponsored by our partner Broadcom.

The event was hosted by our executives, including Michael Dell, and they made some important observations on the process to design the servers, market acceptance and customer feedback. While I was waiting in the food line, one of the other folks and I got talking, and he said “I looked at your blog the other day and you didn’t write anything on the Dell Management Console”. And he’s right.

It’s a significant step forward for Dell customers and for Dell. The DMC is based on the modular Symantec Management Platform architecture and offers a comprehensive set of features at no additional cost. While I was in IBM Power Systems, one of the fights I had with them was over their console and management strategy. While I’m sure they had good reasons for the way they did what they did, their ongoing strategy couldn’t follow the same path of fragmented consoles for this, consoles for that, different interfaces, different terminology for the same things etc. I’m hopeful still that when they introduce their next generation of servers, they’ll have learned the lessons that Dell already has.

DMC replaces the existing Dell hardware management console, Dell OpenManage IT Assistant. DMC has a plug-in architecture that allows the console to be extended with additional function and to be used as a manager for other scenarios, devices etc. However, true to the Dell mission to simplify IT and reduce TCO, one way we are doing that is to include a significant amount of function in the base, rather than as chargeable plug-ins. Here’s a summary of the major functions and improvements over prior offerings:

Hardware – multiple choices on how to explore, report and understand hardware configs plus export as tables; many pre-configured reports as well as the ability to create your own.

Proactive heartbeat monitoring is also supported, based on a user-defined schedule; event subscription is also supported for Dell servers and MIBs can be imported for non-Dell hardware.

You can push config changes and agent, BIOS, driver and firmware patches to many servers simultaneously without scripting.

Security – you can group devices and servers by geographical, logical, organisational or type, or create your own. These can then be managed using role-based security. You can create your own roles, or import them from Microsoft Active Directory.

Software – Support for hypervisors such as VMware® ESXi as well as Microsoft and Citrix. Health monitoring, discovery of virtual machines, associate to physical host server etc. Also included is the normal OS monitoring of utilization for memory, processors, free space and I/O.

Networking – The console includes support for a broad range of devices, but also includes support for Fibre Channel switches.

That’s an outline of the support in the new Dell Management Console, powered by Altiris from Symantec. I went to look for a couple of white papers to include links for: one with a more detailed list of device support and a second with a more comprehensive strategy that showed the plug-in architecture and the other function available for DMC. I came across this great resource, the Dell POWER Solutions magazine (just a hint of irony).

Here is a link where you can download the entire magazine, as a 21Mb PDF file. Alternatively, here is a link for an index into the articles where you can review each article separately.

About & Contact

I'm Mark Cathcart, formerly a Senior Distinguished Engineer in Dell's Software Group; before that, Director of Systems Engineering in the Enterprise Solutions Group at Dell. Prior to that, I was an IBM Distinguished Engineer and member of the IBM Academy of Technology. I am a Fellow of the British Computer Society (bsc.org). I'm an information technology optimist.

I was a member of the Linux Foundation Core Infrastructure Initiative Steering committee. Read more about it here.